Merge branch 'topic/keithjjones/openvpn' of https://github.com/keithjjones/zeek

* 'topic/keithjjones/openvpn' of https://github.com/keithjjones/zeek:
  Replace assert with if statement so OpenVPN can use this over UDP.  And fix spelling.

CHANGES

@@ -1,4 +1,8 @@
 
+4.1.0-dev.286 | 2021-03-08 11:24:38 +0000
+
+  * Allow non-TCP based protocols to use SSL analyzer. (Keith Jones)
+
 4.1.0-dev.284 | 2021-03-05 17:37:03 -0800
 
   * Simplify some copy_string() usages in threading::Field (Jon Siwek, Corelight)

VERSION

@@ -1 +1 @@
-4.1.0-dev.284
+4.1.0-dev.286

src/analyzer/protocol/ssl/SSL.cc

@@ -57,8 +57,10 @@ void SSL_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
 	{
 	analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig);
 
-	assert(TCP());
+	// We purposefully accept protocols other than TCP here. SSL/TLS are a bit special;
-	if ( TCP()->IsPartial() )
+	// they are wrapped in a lot of other protocols. Some of them are UDP based - and provide
+	// their own reassembly on top of UDP.
+	if ( TCP() && TCP()->IsPartial() )
 		return;
 
 	if ( had_gap )

src/analyzer/protocol/ssl/SSL.h

@@ -15,7 +15,7 @@ public:
 	explicit SSL_Analyzer(Connection* conn);
 	~SSL_Analyzer() override;
 
-	// Overriden from Analyzer.
+	// Overridden from Analyzer.
 	void Done() override;
 	void DeliverStream(int len, const u_char* data, bool orig) override;
 	void Undelivered(uint64_t seq, int len, bool orig) override;
@@ -27,7 +27,7 @@ public:
 	// Get the TLS version that the server chose. 0 if not yet known.
 	uint16_t GetNegotiatedVersion() const;
 
-	// Overriden from analyzer::tcp::TCP_ApplicationAnalyzer.
+	// Overridden from analyzer::tcp::TCP_ApplicationAnalyzer.
 	void EndpointEOF(bool is_orig) override;
 
 	static analyzer::Analyzer* Instantiate(Connection* conn)